Security Breach

Events News

Webinar: Complying with Canada’s Upcoming Breach Notification Requirements (August 29)

I will participate, with Eduard Goodman, Global Privacy Officer for Cyberscout, at a webinar taking place on Tuesday, August 29, at 11 am PT / 2 pm ET on the management of cybersecurity breaches and notification requirements. The amendments to PIPEDA – through the Digital Privacy Act – will require private-sector organisations doing business in Canada to notify […] Read more


Legal Privilege for Data Security Incident Investigation Reports

My partner Brad Freedman recently published a short article on Legal Privilege for Data Security Incident Investigation Reports. Data security incident response activities usually involve the creation of sensitive communications and documents that might be subject to legal disclosure obligations unless they are protected by legal privilege. An organization’s ability to assert legal privilege over a communication […] Read more


Cybersécurité: Ce que tout dirigeant doit savoir en matière de gouvernance et gestion de risques

Je participerai à l’événement annuel Hop! Le Sommet du commerce de détail se déroulant au Palais des congrès de Montréal les 21 et 22 mars prochain. Je présenterai le 22 mars sur les enjeux en matière de Cybersécurité et protection des renseignements personnels. La plupart des commerces de détail, peu importe leur taille, leur réputation ou les […] Read more

Events Legal News Videos

With no global standard for data privacy, laws outside U.S. differ in scope

I was recently interviewed by CyberScout just after I appeared on a privacy panel at CyberScout’s Privacy XChange Forum entitled “Where In the World: A Quick and Easy Breakdown of Privacy Standards and Regulations”. In the interview, I summarize the breach notification regulations in Canada and discuss what should be included in a cybersecurity plan. I also discuss […] Read more


Ashley Madison Security Breach: Lessons Learned and Valuable Recommendations for all Businesses

On August 22, 2016, the Office of the Privacy Commissioner of Canada (OPC) released an important joint investigation report regarding the Ashley Madison data breach, which exposed the personal information of some 32 million users of the online dating website marketed to people who are married or in committed relationships. As part of its investigation, […] Read more


Forty hours on privacy

I will be teaching, for a fourth consecutive year, DRT-6929E-A, a privacy law course at the  University of Montreal Law Faculty. The class is offered to Masters degree students and takes place every Monday from 4 to 7pm, January 11 to April 11, 2016. I have been teaching since 2009 (e-commerce law from 2009 – […] Read more


Privacy class action update: Appeal dismissed in the IIROC security breach action

After the Investment Industry Regulatory Organization of Canada (IIROC or in French OCRCVM) who monitors all trading activity across the country suffered a security breach in April 2013 (an employee lost a USB drive containing the personal information of individuals with accounts at various brokerage firms), a class action was filed against IIROC, claiming 1,000$ for each […] Read more

Legal News

Guidance on how to protect personal information using adequate safeguards

My colleague Bradley Freedman published yesterday short piece entitled “Regulatory Guidance for Safeguarding Personal Information” in which he reviews the Office of the Privacy Commissioner of Canada (OPC) recently issued “Interpretation Bulletin – Safeguards” which provides non-binding guidance for compliance with statutory obligations to safeguard personal information. The Interpretation Bulletin is timely in light of […] Read more